asp.net登录验证数据库

protected void dlu_button1(object sender, EventArgs e)
{
string name = TextBox1.Text;//赋值为前端输入的用户名
string pwd = TextBox2.Text;//赋值为前端输入的密码
string code = tbx_yzm.Text;//验证码
HttpCookie htco = Request.Cookies["ImageV"];
string scode = htco.Value.ToString();
try
{
if (name == "" || pwd == "")
{
Response.Write("<script>alret('请输入账号和密码')</script>");
}
else
{
string str = System.Configuration.ConfigurationManager.ConnectionStrings["Xsa_fruitsDB"].ConnectionString;
// 构造sql查询语句
string sql;
sql = "select name, pwd [User] where name='" + name + "' and pwd='" + pwd + "'";
// 构造连接对象
using (SqlConnection conn = new SqlConnection(str))
{
SqlCommand cmd = new SqlCommand(sql, conn);
// 打开数据库连接
conn.Open();
// 执行查询语句,返回结果集第一行第一列
string tr = cmd.ExecuteScalar().ToString();
if (tr != "")
{
this.tbx_yzm.Text = "";
Response.Write("<script>alert('登录成功');location.href='https://q.cnblogs.com/q/139390/Home.aspx';</script>");
}
else if (code.ToUpper() != scode)
{
Response.Write("<script>alert('验证码输入不正确！')</script>");
}
else
{
Response.Write("<script>alret('账号或密码错误！')</script>");
}
}
}
}
catch (Exception)
{
Response.Write("<script>alret('数据有异常！')</script>");
}

    }

回答

虽然提问和代码槽点很多，但是一眼看过去，SQL语句都写错了, select...from